<?php
/* -------------------------------------------------------------------------------------
* 	ID:						$Id: reviews.php 106 2013-09-21 12:07:11Z phone.mueller@googlemail.com $
* 	Letzter Stand:			$Revision: 106 $
* 	zuletzt geaendert von:	$Author: siekiera $
* 	Datum:					$Date: 2013-09-21 12:07:11 +0000 (Sat, 21 Sep 2013) $
*
* 	SEO:mercari by Siekiera Media
* 	http://www.seo-mercari.de
*
* 	Copyright (c) since 2011 SEO:mercari
* --------------------------------------------------------------------------------------
* 	based on:
* 	(c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
* 	(c) 2002-2003 osCommerce - www.oscommerce.com
* 	(c) 2003     nextcommerce - www.nextcommerce.org
* 	(c) 2005     xt:Commerce - www.xt-commerce.com
*
* 	Released under the GNU General Public License
* ----------------------------------------------------------------------------------- */

require('includes/application_top.php');
require_once (DIR_FS_INC.'inc.set_reviews_status.php');

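// Status toggle requested from the edit view: apply it, then return to that view.
// NOTE(review): this changes state on a plain GET request and no request token is checked
// in this block; confirm application_top.php enforces one, or move the toggle to a POST
// form carrying a per-session token.
if (isset($_GET['flag'], $_GET['action']) && $_GET['action'] == 'edit') {
	$toggle_flag = $_GET['flag'];
	$toggle_id = isset($_GET['id']) ? $_GET['id'] : '';
	// Only digit strings are echoed back into the redirect target.
	$toggle_page = (isset($_GET['page']) && is_string($_GET['page']) && ctype_digit($_GET['page'])) ? $_GET['page'] : '';
	$toggle_rid = (isset($_GET['rID']) && is_string($_GET['rID']) && ctype_digit($_GET['rID'])) ? $_GET['rID'] : '';

	// The links on this page only ever send flag=0 or flag=1 with a numeric id;
	// anything else is ignored instead of being handed to set_reviews_status().
	if (is_string($toggle_id) && ctype_digit($toggle_id) && ($toggle_flag === '0' || $toggle_flag === '1')) {
		set_reviews_status($toggle_id, $toggle_flag);
	}
	redirect(href_link(FILENAME_REVIEWS, 'page='.$toggle_page.'&action=edit&rID='.$toggle_rid.'&id='.$toggle_rid, 'NONSSL'));
}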

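// Write actions are handled here, before any markup is sent, so each can end in a redirect.
// NOTE(review): no request token is verified in this block. 'setflag' is reached through a
// plain GET link, so a forged link is enough to flip a review's status; confirm that
// application_top.php adds a token check, or add one here.
$reviews_action = isset($_GET['action']) ? $_GET['action'] : '';
// Only a digit string is echoed back into redirect targets.
$reviews_page = (isset($_GET['page']) && is_string($_GET['page']) && ctype_digit($_GET['page'])) ? $_GET['page'] : '';
// 'update' and 'deleteconfirm' are submitted by this page's own forms, which post;
// requiring POST keeps a bare link from modifying or deleting a review.
$reviews_is_post = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';

if ($reviews_action) {
	switch ($reviews_action) {
		case 'setflag':
			$flag_id = isset($_GET['id']) ? $_GET['id'] : '';
			$flag_value = isset($_GET['flag']) ? $_GET['flag'] : '';
			// The list view only links flag=0 / flag=1 with a numeric id.
			if (is_string($flag_id) && ctype_digit($flag_id) && ($flag_value === '0' || $flag_value === '1')) {
				set_reviews_status($flag_id, $flag_value);
			}
			redirect(href_link(FILENAME_REVIEWS, '', 'NONSSL'));
			break;

		case 'update':
			$reviews_id = (isset($_GET['rID']) && is_string($_GET['rID']) && ctype_digit($_GET['rID'])) ? $_GET['rID'] : '';
			$reviews_rating = isset($_POST['reviews_rating']) ? $_POST['reviews_rating'] : '';
			// Not used by the queries below: last_modified is always set to NOW().
			$last_modified = isset($_POST['last_modified']) ? $_POST['last_modified'] : null;
			$reviews_text = isset($_POST['reviews_text']) ? $_POST['reviews_text'] : '';

			// The edit form offers ratings 1-5 only; the rating also ends up in an image
			// file name on this page, so other values are rejected rather than stored.
			$rating_ok = in_array($reviews_rating, array('1', '2', '3', '4', '5'), true);

			if ($reviews_is_post && $reviews_id !== '' && $rating_ok && is_string($reviews_text)) {
				// db_prepare() is the project's value-quoting helper (defined elsewhere).
				$db->db_query("UPDATE
									".TABLE_REVIEWS."
								SET
									reviews_rating = ".$db->db_prepare($reviews_rating).",
									last_modified = NOW()
								WHERE
									reviews_id = ".$db->db_prepare($reviews_id));

				$db->db_query("UPDATE
									".TABLE_REVIEWS_DESCRIPTION."
								SET
									reviews_text = ".$db->db_prepare($reviews_text)."
								WHERE
									reviews_id = ".$db->db_prepare($reviews_id));
			}

			redirect(href_link(FILENAME_REVIEWS, 'page='.$reviews_page.'&rID='.$reviews_id));
			break;

		case 'deleteconfirm':
			$reviews_id = (isset($_GET['rID']) && is_string($_GET['rID']) && ctype_digit($_GET['rID'])) ? $_GET['rID'] : '';

			if ($reviews_is_post && $reviews_id !== '') {
				$db->db_query("DELETE FROM ".TABLE_REVIEWS." WHERE reviews_id = ".$db->db_prepare($reviews_id));
				$db->db_query("DELETE FROM ".TABLE_REVIEWS_DESCRIPTION." WHERE reviews_id = ".$db->db_prepare($reviews_id));
			}

			redirect(href_link(FILENAME_REVIEWS, 'page='.$reviews_page));
			break;
	}
}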
require(DIR_WS_INCLUDES.'metatag.php');
?>
</head>
<body>
<?php require(DIR_WS_INCLUDES.'header.php'); ?>
<div id="wrapper">
	<table class="outerTable" cellpadding="0" cellspacing="0">
		<tr>
			<td class="columnLeft2" width="<?php echo BOX_WIDTH; ?>" valign="top">
				<?php require(DIR_WS_INCLUDES.'column_left.php'); ?>
			</td>
			<td class="boxCenter" valign="top">
				<table border="0" width="100%" cellspacing="0" cellpadding="0">
					<tr>
						<td width="100%">
							<table class="table_pageHeading" border="0" width="100%" cellspacing="0" cellpadding="0">
								<tr>
									<td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
								</tr>
							</table>
						</td>
					</tr>
				<?php
				if ($_GET['action'] == 'edit') {
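					// Edit view: load the review plus the image and name of the reviewed product.
					// The id arrives in the query string and is placed into SQL text, so it is
					// forced to an integer first; the original concatenated it unmodified.
					$rID = isset($_GET['rID']) ? (int) $_GET['rID'] : 0;

					$reviews = $db->db_query("SELECT
													r.reviews_id,
													r.products_id,
													r.customers_name,
													r.date_added,
													r.last_modified,
													r.reviews_read,
													rd.reviews_text,
													r.reviews_rating,
													r.reviews_status
												FROM
													".TABLE_REVIEWS." r,
													".TABLE_REVIEWS_DESCRIPTION." rd
												WHERE
													r.reviews_id = '".$rID."'
												AND
													r.reviews_id = rd.reviews_id");

					// Integer casts keep the follow-up queries well-formed even when no review matched.
					$edit_products_id = (is_array($reviews->fields) && isset($reviews->fields['products_id'])) ? (int) $reviews->fields['products_id'] : 0;
					$edit_language_id = isset($_SESSION['languages_id']) ? (int) $_SESSION['languages_id'] : 0;

					$products = $db->db_query("SELECT
													products_image
												FROM
													".TABLE_PRODUCTS."
												WHERE
													products_id = '".$edit_products_id."'");

					$products_name = $db->db_query("SELECT
														products_name
													FROM
														".TABLE_PRODUCTS_DESCRIPTION."
													WHERE
														products_id = '".$edit_products_id."'
													AND
														language_id = '".$edit_language_id."'");

					// A query without a matching row may leave ->fields as a non-array; merge an
					// empty array in that case so array_merge() does not fail.
					$rInfo_array = array_merge(
						is_array($reviews->fields) ? $reviews->fields : array(),
						is_array($products->fields) ? $products->fields : array(),
						is_array($products_name->fields) ? $products_name->fields : array()
					);
					$rInfo = new objectInfo($rInfo_array);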
				?>
					<tr>
						<?php echo draw_form('review', FILENAME_REVIEWS, 'page='.$_GET['page'].'&rID='.$_GET['rID'].'&action=preview'); ?>
						<td>
							<table border="0" width="100%" cellspacing="0" cellpadding="0">
								<tr>
									<td class="main" valign="top">
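										<?php
										// customers_name is text supplied by the reviewer and products_name is catalog
										// text; both are escaped before being written into the page. The charset is left
										// at PHP's default, as in the hidden-field escaping further down this page.
										// NOTE(review): if these columns are stored pre-escaped, this double-encodes - confirm.
										?>
										<b><?php echo ENTRY_PRODUCT; ?></b> <?php echo htmlspecialchars((string) $rInfo->products_name, ENT_QUOTES); ?><br /><b>
										<?php echo ENTRY_FROM; ?></b> <?php echo htmlspecialchars((string) $rInfo->customers_name, ENT_QUOTES); ?><br /><br />
										<b><?php echo ENTRY_DATE; ?></b> <?php echo date_short($rInfo->date_added); ?><br />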
										<b>Status dieser Bewertung:</b> 
										<?php 
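										// Show the current status icon next to a link that switches to the other status.
										// 'page' and 'rID' come from the query string and end up inside an href attribute;
										// only digits are let through. NOTE(review): the other href_link() calls on this
										// page that interpolate $_GET values follow the same pattern and need the same care,
										// unless href_link() is confirmed to encode its parameters.
										$status_page = (isset($_GET['page']) && is_string($_GET['page']) && ctype_digit($_GET['page'])) ? $_GET['page'] : '';
										$status_rid = (isset($_GET['rID']) && is_string($_GET['rID']) && ctype_digit($_GET['rID'])) ? $_GET['rID'] : '';
										$status_params = 'page='.$status_page.'&action=edit&rID='.$status_rid.'&id='.$status_rid;

										if ($rInfo->reviews_status == 1) {
											echo image(DIR_WS_IMAGES.'icon_status_green.gif', IMAGE_ICON_STATUS_GREEN).'&nbsp;&nbsp;<a href="'.href_link(FILENAME_REVIEWS, 'flag=0&'.$status_params, 'NONSSL').'">'.image(DIR_WS_IMAGES.'icon_status_red_light.gif', IMAGE_ICON_STATUS_RED_LIGHT).'</a>';
										} else {
											echo '<a href="'.href_link(FILENAME_REVIEWS, 'flag=1&'.$status_params, 'NONSSL').'">'.image(DIR_WS_IMAGES.'icon_status_green_light.gif', IMAGE_ICON_STATUS_GREEN_LIGHT).'</a> '.image(DIR_WS_IMAGES.'icon_status_red.gif', IMAGE_ICON_STATUS_RED);
										}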
										?>
									</td>
									<td class="main" align="right" valign="top">
										<?php echo image(HTTP_CATALOG_SERVER.DIR_WS_CATALOG_THUMBNAIL_IMAGES.$rInfo->products_image, $rInfo->products_name); ?>
									</td>
								</tr>
							</table>
						</td>
					</tr>
					<tr>
						<td>
							<table width="100%" border="0" cellspacing="0" cellpadding="0">
								<tr>
									<td class="main" valign="top">
										<b><?php echo ENTRY_REVIEW; ?></b><br /><br />
										<?php echo draw_textarea_field('reviews_text', 'soft', '60', '15', $rInfo->reviews_text); ?>
									</td>
								</tr>
								<tr>
									<td class="smallText" align="right"><?php echo ENTRY_REVIEW_TEXT; ?></td>
								</tr>
							</table>
						</td>
					</tr>
					<tr>
						<td>&nbsp;</td>
					</tr>
					<tr>
						<td class="main">
							<b><?php echo ENTRY_RATING; ?></b>&nbsp;<?php echo TEXT_BAD; ?> 
							<?php 
								// One radio button per rating value 1..5; the stored rating is passed as the
								// fourth argument. The closing label is printed once, after the loop.
								for ($i = 1; $i <= 5; $i++) {
									echo draw_radio_field('reviews_rating', $i, '', $rInfo->reviews_rating).'&nbsp;';
								}
								echo TEXT_GOOD;
							?>
						</td>
					</tr>
					<tr>
						<td>&nbsp;</td>
					</tr>
					<tr>
						<td align="right" class="main">
							<?php echo draw_hidden_field('reviews_id', $rInfo->reviews_id).
							draw_hidden_field('products_id', $rInfo->products_id).
							draw_hidden_field('customers_name', $rInfo->customers_name).
							draw_hidden_field('products_name', $rInfo->products_name).
							draw_hidden_field('products_image', $rInfo->products_image).
							draw_hidden_field('date_added', $rInfo->date_added).
							'<input type="submit" class="button" onClick="this.blur();" value="'.BUTTON_PREVIEW.'"/> <a class="button" onClick="this.blur();" href="'.href_link(FILENAME_REVIEWS, 'page='.$_GET['page'].'&rID='.$_GET['rID']).'">'.BUTTON_CANCEL.'</a>'; ?>
						</td>
					</form>
				</tr>
				<?php
				} elseif ($_GET['action'] == 'preview') {
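					if ($_POST) {
						// Preview of a submitted edit: every field of $rInfo is taken from the request
						// body, so all of them are caller-controlled. They are echoed further down this
						// page and need escaping where they are printed.
						// The rating is also used to build an image file name below, so it is reduced
						// to an integer here. The hidden fields that carry the values on to 'update'
						// are built from $_POST directly and are not affected by this cast.
						$preview_fields = $_POST;
						if (isset($preview_fields['reviews_rating'])) {
							$preview_fields['reviews_rating'] = (int) $preview_fields['reviews_rating'];
						}
						$rInfo = new objectInfo($preview_fields);
					} else {
						// Read-only preview: load the review from the database. The id comes from the
						// query string and is placed into SQL text, so it is forced to an integer first;
						// the original concatenated $_GET['rID'] unmodified.
						$preview_rid = isset($_GET['rID']) ? (int) $_GET['rID'] : 0;

						$reviews = $db->db_query("SELECT
														r.reviews_id,
														r.products_id,
														r.customers_name,
														r.date_added,
														r.last_modified,
														r.reviews_read,
														rd.reviews_text,
														r.reviews_rating
													FROM
														".TABLE_REVIEWS." r,
														".TABLE_REVIEWS_DESCRIPTION." rd
													WHERE
														r.reviews_id = '".$preview_rid."'
													AND
														r.reviews_id = rd.reviews_id");

						$preview_products_id = (is_array($reviews->fields) && isset($reviews->fields['products_id'])) ? (int) $reviews->fields['products_id'] : 0;
						$preview_language_id = isset($_SESSION['languages_id']) ? (int) $_SESSION['languages_id'] : 0;

						$products = $db->db_query("SELECT
														products_image
													FROM
														".TABLE_PRODUCTS."
													WHERE
														products_id = '".$preview_products_id."'");

						$products_name = $db->db_query("SELECT
															products_name
														FROM
															".TABLE_PRODUCTS_DESCRIPTION."
														WHERE
															products_id = '".$preview_products_id."'
														AND
															language_id = '".$preview_language_id."'");

						// A query without a matching row may leave ->fields as a non-array; merge an
						// empty array in that case so array_merge() does not fail.
						$rInfo_array = array_merge(
							is_array($reviews->fields) ? $reviews->fields : array(),
							is_array($products->fields) ? $products->fields : array(),
							is_array($products_name->fields) ? $products_name->fields : array()
						);
						$rInfo = new objectInfo($rInfo_array);
					}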
				?>
				<tr>
					<?php echo draw_form('update', FILENAME_REVIEWS, 'page='.$_GET['page'].'&rID='.$_GET['rID'].'&action=update', 'post', 'enctype="multipart/form-data"'); ?>
					<td>
						<table border="0" width="100%" cellspacing="0" cellpadding="0">
							<tr>
								<td class="main" valign="top">
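									<?php
									// In the preview, $rInfo may have been built straight from $_POST, so these
									// values are request-controlled and are escaped before being written out.
									// The charset is left at PHP's default, as in the hidden-field escaping
									// further down this page.
									?>
									<b><?php echo ENTRY_PRODUCT; ?></b> <?php echo htmlspecialchars((string) $rInfo->products_name, ENT_QUOTES); ?><br />
									<b><?php echo ENTRY_FROM; ?></b> <?php echo htmlspecialchars((string) $rInfo->customers_name, ENT_QUOTES); ?><br /><br />
									<b><?php echo ENTRY_DATE; ?></b> <?php echo htmlspecialchars((string) date_short($rInfo->date_added), ENT_QUOTES); ?>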
								</td>
								<td class="main" align="right" valign="top">
									<?php echo image(HTTP_CATALOG_SERVER.DIR_WS_CATALOG_THUMBNAIL_IMAGES.$rInfo->products_image, $rInfo->products_name); ?>
								</td>
							</tr>
						</table>
					</td>
				</tr>
				<tr>
					<td>
						<table width="100%" border="0" cellspacing="0" cellpadding="0">
							<tr>
								<td valign="top" class="main">
									<b><?php echo ENTRY_REVIEW; ?></b><br /><br />
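									<?php
									// The review text is free text written by a customer, or taken from $_POST
									// when previewing an edit, and was printed without escaping.
									// Escaping runs after break_string() so that helper works on the raw text,
									// and before nl2br() so the inserted <br /> tags are kept.
									// NOTE(review): break_string() is defined elsewhere; presumably it only
									// inserts break characters into long words - confirm it returns plain text.
									echo nl2br(htmlspecialchars((string) break_string($rInfo->reviews_text, 15), ENT_QUOTES));
									?>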
								</td>
							</tr>
						</table>
					</td>
				</tr>
				<tr>
					<td>&nbsp;</td>
				</tr>
				<tr>
					<td class="main">
						<b><?php echo ENTRY_RATING; ?></b>&nbsp;<?php echo image(HTTP_CATALOG_SERVER.DIR_WS_CATALOG.'templates/'. CURRENT_TEMPLATE .'/img/stars_'.$rInfo->reviews_rating.'.png', sprintf(TEXT_OF_5_STARS, $rInfo->reviews_rating)); ?>&nbsp;<small>[<?php echo sprintf(TEXT_OF_5_STARS, $rInfo->reviews_rating); ?>]</small>
					</td>
				</tr>
			<?php
			if ($_POST) {
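				// Carry every submitted field forward as a hidden input so the 'update' request
				// receives it again. each() was removed in PHP 8; foreach visits the same
				// key/value pairs in the same order.
				foreach ($_POST as $key => $value) {
					// Nested (array) parameters cannot be written as a single hidden field.
					if (!is_scalar($value)) {
						continue;
					}
					// The field name is request-controlled as well and was written into the
					// attribute unescaped; ENT_QUOTES covers both quote styles.
					echo '<input type="hidden" name="'.htmlspecialchars((string) $key, ENT_QUOTES).'" value="'.htmlspecialchars(stripslashes((string) $value), ENT_QUOTES).'">';
				}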
			?>
				<tr>
					<td align="right" class="smallText">
						<?php echo '<a class="button" onclick="this.blur();" href="'.href_link(FILENAME_REVIEWS, 'page='.$_GET['page'].'&rID='.$rInfo->reviews_id.'&action=edit').'">'.BUTTON_BACK.'</a> <input type="submit" class="button" onclick="this.blur();" value="'.BUTTON_UPDATE.'"/> <a class="button" onclick="this.blur();" href="'.href_link(FILENAME_REVIEWS, 'page='.$_GET['page'].'&rID='.$rInfo->reviews_id).'">'.BUTTON_CANCEL.'</a>'; ?>
					</td>
					</form>
				</tr>
			<?php
			} else {
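				// Choose the target of the "back" button: a caller-supplied page, or the list
				// view positioned on the current review.
				// NOTE(review): 'origin' is taken from the query string and becomes the page
				// argument of href_link(), so the caller chooses where the button points.
				// It should be checked against the known admin page names; how href_link()
				// treats an arbitrary value cannot be seen from this file.
				if (!empty($_GET['origin'])) {
					$back_url = $_GET['origin'];
					$back_url_params = '';
				} else {
					$back_url = FILENAME_REVIEWS;
					// Only a digit string is echoed back as the page number.
					$back_page = (isset($_GET['page']) && is_string($_GET['page']) && ctype_digit($_GET['page'])) ? $_GET['page'] : '';
					$back_url_params = 'page='.$back_page.'&rID='.$rInfo->reviews_id;
				}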
				?>
				<tr>
					<td align="right">
						<?php echo '<a class="button" onClick="this.blur();" href="'.href_link($back_url, $back_url_params, 'NONSSL').'">'.BUTTON_BACK.'</a>'; ?>
					</td>
				</tr>
			<?php
			}
		} else { ?>
			<tr>
				<td>
					<table border="0" width="100%" cellspacing="0" cellpadding="0">
						<tr>
							<td valign="top">
								<table width="100%" class="dataTable">
									<tr class="dataTableHeadingRow">
										<td class="dataTableHeadingContent"><?php echo TABLE_HEADING_PRODUCTS; ?></td>
										<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_RATING; ?></td>
										<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_DATE_ADDED; ?></td>
										<td class="dataTableHeadingContent" align="center" width='5%'><?php echo TABLE_HEADING_STATUS; ?></td>
										<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_ACTION; ?>&nbsp;</td>
									</tr>
									<?php
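									// List view: all reviews, newest first, split into pages by page_break_create().
									$sql = "SELECT
												reviews_status,
												reviews_id,
												products_id,
												date_added,
												last_modified,
												reviews_rating
											FROM
												".TABLE_REVIEWS."
											ORDER BY
												date_added DESC";
									// Both request values are optional; reading them unguarded raised notices
									// on the first page load. A non-numeric page is treated as "not given".
									// NOTE(review): per_site is handed to page_break_create() as received;
									// that helper is defined elsewhere - confirm it validates the value
									// before using it in the query.
									$list_per_site = isset($_POST['per_site']) ? $_POST['per_site'] : null;
									$list_page = (isset($_GET['page']) && is_string($_GET['page']) && ctype_digit($_GET['page'])) ? $_GET['page'] : null;
									$query = page_break_create($list_per_site, $list_page, $sql, 'reviews.php');
									$reviews = $query['query'];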
									while (!$reviews->EOF) {
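										// Build $rInfo once: for the row named by rID, or for the first row when
										// no rID was given. empty() gives the same truth values as the original
										// negations without notices for the unset variable and array key.
										if (empty($rInfo) && (empty($_GET['rID']) || ($_GET['rID'] == $reviews->fields['reviews_id']))) {
											// Integer casts keep the values placed into SQL text numeric.
											$detail_reviews_id = (int) $reviews->fields['reviews_id'];
											$detail_products_id = (int) $reviews->fields['products_id'];
											$detail_language_id = isset($_SESSION['languages_id']) ? (int) $_SESSION['languages_id'] : 0;

											$reviews_text = $db->db_query("SELECT
																				r.reviews_read,
																				r.customers_name,
																				LENGTH(rd.reviews_text) AS reviews_text_size
																			FROM
																				".TABLE_REVIEWS." r,
																				".TABLE_REVIEWS_DESCRIPTION." rd
																			WHERE
																				r.reviews_id = '".$detail_reviews_id."'
																			AND
																				r.reviews_id = rd.reviews_id");

											$products_image = $db->db_query("SELECT
																					products_image
																				FROM
																					".TABLE_PRODUCTS."
																				WHERE
																					products_id = '".$detail_products_id."'");

											$products_name = $db->db_query("SELECT
																				products_name
																			FROM
																				".TABLE_PRODUCTS_DESCRIPTION."
																			WHERE
																				products_id = '".$detail_products_id."'
																			AND
																				language_id = '".$detail_language_id."'");

											// Average rating of the product, expressed as a percentage of 5 stars.
											$reviews_average = $db->db_query("SELECT (avg(reviews_rating) / 5 * 100) AS average_rating FROM ".TABLE_REVIEWS." WHERE products_id = '".$detail_products_id."'");

											// A query without a matching row may leave ->fields as a non-array;
											// merge an empty array in that case so array_merge() does not fail.
											$review_info = array_merge(
												is_array($reviews_text->fields) ? $reviews_text->fields : array(),
												is_array($reviews_average->fields) ? $reviews_average->fields : array(),
												is_array($products_name->fields) ? $products_name->fields : array()
											);
											$rInfo_array = array_merge(
												$reviews->fields,
												$review_info,
												is_array($products_image->fields) ? $products_image->fields : array()
											);
											$rInfo = new objectInfo($rInfo_array);
										}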
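										// Rows of inactive reviews (status 0) are rendered grey and italic.
										$status = ($reviews->fields['reviews_status'] == 0) ? ' style="color:#888; font-style:italic"' : '';

										// 'page' is written into an inline onclick handler inside an HTML attribute,
										// so only a digit string from the query string is let through.
										$row_page = (isset($_GET['page']) && is_string($_GET['page']) && ctype_digit($_GET['page'])) ? $_GET['page'] : '';
										$row_id = (int) $reviews->fields['reviews_id'];

										// $rInfo stays unset when the requested rID is not on this page.
										if (isset($rInfo) && is_object($rInfo) && ($row_id == $rInfo->reviews_id)) {
											// Selected row: a click opens the preview.
											echo '<tr '.$status.' class="dataTableRowSelected" onmouseover="this.style.cursor=\'pointer\'" onclick="document.location.href=\''.href_link(FILENAME_REVIEWS, 'page='.$row_page.'&rID='.$row_id.'&action=preview').'\'">'."\n";
										} else {
											// Any other row: a click selects it.
											echo '<tr '.$status.' class="dataTableRow" onmouseover="this.className=\'dataTableRowOver\';this.style.cursor=\'pointer\'" onmouseout="this.className=\'dataTableRow\'" onclick="document.location.href=\''.href_link(FILENAME_REVIEWS, 'page='.$row_page.'&rID='.$row_id).'\'">'."\n";
										}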
										?>
										<td class="dataTableContent">
											<?php echo '<a href="'.href_link(FILENAME_REVIEWS, 'page='.$_GET['page'].'&rID='.$reviews->fields['reviews_id'].'&action=preview').'">'.image(DIR_WS_ICONS.'preview.gif', ICON_PREVIEW).'</a>&nbsp;'.get_products_name($reviews->fields['products_id']); ?></td>
										<td class="dataTableContent" align="right"><?php echo image(HTTP_CATALOG_SERVER.DIR_WS_CATALOG.'templates/'. CURRENT_TEMPLATE .'/img/stars_'.$reviews->fields['reviews_rating'].'.png'); ?></td>
										<td class="dataTableContent" align="right"><?php echo date_short($reviews->fields['date_added']); ?></td>
											<td  class="dataTableContent" align="center"><nobr>
												<?php
												// The status icon is itself the toggle: an inactive review links to
												// flag=1, an active one to flag=0.
												// NOTE(review): these are plain GET links to the state-changing
												// 'setflag' action handled at the top of this file; no request token
												// is part of the link.
												if ($reviews->fields['reviews_status'] != 1) {
													echo '<a href="'.href_link(FILENAME_REVIEWS, 'action=setflag&flag=1&id='.$reviews->fields['reviews_id'], 'NONSSL').'">'.image(DIR_WS_IMAGES.'icon_status_red.gif', IMAGE_ICON_STATUS_GREEN).'</a>';
												} else {
													echo '<a href="'.href_link(FILENAME_REVIEWS, 'action=setflag&flag=0&id='.$reviews->fields['reviews_id'], 'NONSSL').'">'.image(DIR_WS_IMAGES.'icon_status_green.gif', IMAGE_ICON_STATUS_RED).'</a>';
												}
												
												?></nobr>
											</td>
											<td class="dataTableContent" align="right"><?php if ( (is_object($rInfo)) && ($reviews->fields['reviews_id'] == $rInfo->reviews_id) ) { echo image(DIR_WS_IMAGES.'icon_arrow_right.gif'); } else { echo '<a href="'.href_link(FILENAME_REVIEWS, 'page='.$_GET['page'].'&rID='.$reviews->fields['reviews_id']).'">'.image(DIR_WS_IMAGES.'icon_info.gif', IMAGE_ICON_INFO).'</a>'; } ?>&nbsp;</td>
										</tr>
										<?php
										$reviews->MoveNext();
									}
									?>
								</table>
								<table width="100%">
									<tr class="page_break">
										<td class="smallText" valign="top" width="33.3%"><?php echo 'Angezeigt werden '.$query['from'].' bis '.$query['to'].' (von insgesamt '.$query['total'].' Bewertungen)'; ?></td>
										<td class="smallText" align="center" width="33.3%"></td>
										<td class="smallText" align="right" width="33.3%">
											Bewertungen pro Seite: <?php echo $query['page_break']->perSiteDropdown($_GET['page']); ?>
										</td>
									</tr>
									<tr>
										<td align="center" colspan="3"><?php echo '<br />'.$query['links']; ?></td>
									</tr>
								</table>
							</td>
							<?php
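							// Right-hand info box: delete confirmation, or details of the selected review.
							$heading = array();
							$contents = array();

							$box_action = isset($_GET['action']) ? $_GET['action'] : '';
							// Only a digit string is echoed back as the page number in links.
							$box_page = (isset($_GET['page']) && is_string($_GET['page']) && ctype_digit($_GET['page'])) ? $_GET['page'] : '';
							// $rInfo stays unset when the requested rID is not among the listed rows.
							$box_has_review = isset($rInfo) && is_object($rInfo);

							if ($box_has_review) {
								$box_review_id = (int) $rInfo->reviews_id;
								// Names are escaped before being placed into markup: customers_name is
								// text supplied by the reviewer, products_name is catalog text.
								$box_products_name = htmlspecialchars((string) $rInfo->products_name, ENT_QUOTES);
								$box_customers_name = htmlspecialchars((string) $rInfo->customers_name, ENT_QUOTES);
							}

							switch ($box_action) {
								case 'delete':
									// Without a selected review there is nothing to confirm.
									if (!$box_has_review) {
										break;
									}
									$heading[] = array('text' => '<b>'.TEXT_INFO_HEADING_DELETE_REVIEW.'</b>');

									// NOTE(review): the confirmation form carries no request token; the
									// 'deleteconfirm' handler at the top of this file acts on rID alone.
									$contents = array('form' => draw_form('reviews', FILENAME_REVIEWS, 'page='.$box_page.'&rID='.$box_review_id.'&action=deleteconfirm'));
									$contents[] = array('text' => TEXT_INFO_DELETE_REVIEW_INTRO);
									$contents[] = array('text' => '<br /><b>'.$box_products_name.'</b>');
									$contents[] = array('align' => 'center', 'text' => '<br /><input type="submit" class="button" onclick="this.blur();" value="'.BUTTON_DELETE.'"/> <a class="button" onclick="this.blur();" href="'.href_link(FILENAME_REVIEWS, 'page='.$box_page.'&rID='.$box_review_id).'">'.BUTTON_CANCEL.'</a>');
									break;

								default:
									if ($box_has_review) {
										$heading[] = array('text' => '<b>'.$box_products_name.'</b>');
										$contents[] = array('align' => 'center', 'text' => '<a class="button" onClick="this.blur();" href="'.href_link(FILENAME_REVIEWS, 'page='.$box_page.'&rID='.$box_review_id.'&action=edit').'">'.BUTTON_EDIT.'</a> <a class="button" onClick="this.blur();" href="'.href_link(FILENAME_REVIEWS, 'page='.$box_page.'&rID='.$box_review_id.'&action=delete').'">'.BUTTON_DELETE.'</a>');
										$contents[] = array('text' => '<br />'.TEXT_INFO_DATE_ADDED.' '.date_short($rInfo->date_added));
										if (not_null($rInfo->last_modified)) {
											$contents[] = array('text' => TEXT_INFO_LAST_MODIFIED.' '.date_short($rInfo->last_modified));
										}
										// is_file() rather than file_exists(): an empty image name would
										// otherwise match the thumbnail directory itself.
										if (is_file(DIR_FS_CATALOG_THUMBNAIL_IMAGES.$rInfo->products_image)) {
											$contents[] = array('align' => 'center', 'text' => '<br /><img src="'.htmlspecialchars(HTTP_SERVER.DIR_WS_CATALOG_THUMBNAIL_IMAGES.$rInfo->products_image, ENT_QUOTES).'" alt="" />');
										}

										$contents[] = array('text' => '<br />'.TEXT_INFO_REVIEW_AUTHOR.' '.$box_customers_name);
										// The rating is part of an image file name, so it is reduced to an integer.
										$contents[] = array('text' => TEXT_INFO_REVIEW_RATING.' '.image(HTTP_CATALOG_SERVER.DIR_WS_CATALOG.'templates/'. CURRENT_TEMPLATE .'/img/stars_'.(int) $rInfo->reviews_rating.'.png'));
										$contents[] = array('text' => TEXT_INFO_REVIEW_READ.' '.$rInfo->reviews_read);
										$contents[] = array('text' => '<br />'.TEXT_INFO_REVIEW_SIZE.' '.$rInfo->reviews_text_size.' bytes');
										$contents[] = array('text' => '<br />'.TEXT_INFO_PRODUCTS_AVERAGE_RATING.' '.number_format($rInfo->average_rating, 2).'%');
									}
									break;
							}

							// The box column is only emitted when there is something to show.
							if ((not_null($heading)) && (not_null($contents))) {
								echo '<td width="25%" valign="top" class="border">'."\n";
								$box = new box;
								echo $box->infoBox($heading, $contents);
								echo '</td>'."\n";
							}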
							?>
						</tr>
					</table>
				</td>
			</tr>
			<?php
			}
			?>
			</table>
			</td>
		</tr>
	</table>
</div>
<?php require(DIR_WS_INCLUDES.'footer.php'); ?>
</body>
</html>
<?php require(DIR_WS_INCLUDES.'application_bottom.php'); ?>